Posted by msmash on Wednesday May 02, 2018 @01:30PM
from the endgame dept.

After a member of the information security community provided evidence to Facebook's chief information security officer, the company has terminated a security engineer who allegedly used their work position to stalk women online. From a report: On Monday, Motherboard reported that Facebook was investigating a claim that one of its employees used access to data granted by their job to stalk women online. Facebook has since terminated the employee, Facebook confirmed to Motherboard on Tuesday, coincidentally shortly after the social media giant announced its upcoming dating service. "We are investigating this as a matter of urgency. It's important that people's information is kept secure and private when they use Facebook," Alex Stamos, Facebook's chief information security officer, told Motherboard in a statement.

Just how far did this stalking go? Did he ever act on any of the information? Make unrequested contact or show up on doorsteps?

This sort of abuse of power *should* get him fired. Depending on his other actions, it should also get him arrested. If someone in the medical or financial fields uses their access to someone's private information (e.g. home address or phone number), then they'd get slapped with some "hacking" or "unlawful computer access" charges. What gives?

Funny how certain you are about what the details must be. Facebook hasn't released details on what information the employee accessed, so you're either the stalker who was fired or you're making it all up because your knee-jerk reaction is to accuse the victim.

What he was doing was barely within the lines of "stalking". It was simply online "stalking". Sending them messages, hitting them up on Tinder, and such. Nothing in real life and all of it easily blocked if desired.

In case nobody articulates this to you today.. you're an asshole.

Sorry, using your admin access to get information about women so you can hit them up on Tinder is a nail your testicles to the wall about a foot above your belt kind of offence, and it escalates from there.

You claim your actions weren't in "real life," but they say that the logs show you really did it, using real servers, with real users. You didn't just pretend to stalk somebody online, but it was really just a video game. Nope; it was real servers, real people, real log files.

What he was doing was barely within the lines of "stalking". It was simply online "stalking". Sending them messages, hitting them up on Tinder, and such. Nothing in real life and all of it easily blocked if desired.

You mean all these emails I've been getting for 20+ years are figments of my imagination?

I'll speak from experience as the engineer discovering abuse, and as the manager compelled to handle complaints about such harassment. Depending on the exact behavior, it can violate not only state law but federal law. See US Criminal Code section 223 for examples of relevant federal law. There is a short summary at https://cyber.harvard.edu/vaw0... [harvard.edu] which is also useful.

Just how far did this stalking go? Did he ever act on any of the information? Make unrequested contact or show up on doorsteps?

It's a sad world we live in when merely making contact with someone is considered an arrestable offence. Or, let's be frank, making contact with someone while being the wrong sex: no one would be calling for the arrest of a woman who did such a thing.

He should be - and has been - fired for abusing his position with Facebook. But arresting him for phoning someone or knocking on their door would be simply mad. What the heck kind of police state would do something like that?

It's a sad world we live in when merely making contact with someone is considered an arrestable offence. Or, let's be frank, making contact with someone while being the wrong sex: no one would be calling for the arrest of a woman who did such a thing.

He should be - and has been - fired for abusing his position with Facebook. But arresting him for phoning someone or knocking on their door would be simply mad. What the heck kind of police state would do something like that?

Who said it was an arrestable offense? The person allegedly misused their access to personal data to tap potential dates/hookups. While that may not be an arrestable offense, it most certainly is a career limiting offense and the person should have been escorted to the door. As it appears they were.

It may not be an arrest-able offence, but it seems to me that texting that you are a "professional stalker" pretty much precludes you from being "spongeworthy"... If this degree of non-self-awareness is evident, you have to wonder about the mental fitness of this type of person.

Additionally, one might also conclude that Facebook might have some kind of a duty to warn future potential employers about the actions of this particular "security analyst"... Given all the contemporary issues Facebook is facing,

Serious answer, I've always thought it was good to have the watchmen watch each other, with each person watching two others randomly assigned but with no knowledge of which two are watching them. That way any conspiracy has to involve too many people to keep quiet as you'll need to get a lot of people in to get all the people who might be watchers.

Two stories down: "Tech giants hit by NSA spying slam encryption backdoors. The tech coalition includes Apple, Facebook, Google, Microsoft, and Verizon and Yahoo's parent company Oath — all of which were hit by claims of complicity with US government's surveillance."

It's the usual tech company hypocrisy. They'll defend data tooth and nail against law enforcement, but internally it all appears to be readily available to any pervert.

To take your point a little further: they're completely okay with the data being readily available to any hypothetical pervert with internal system access, but feign indignation when the content originators or shareholders become aware of it. This is almost certainly not an isolated incident.

Ok, so you fired a person who was abusing his power of position at a company. Why is this a story? It's not. It's only floated out there by Facebook to "show" they are doing something. This will not be tolerated!! See?!? We care here at Facebook!!

FB is rumored to be working on a dating app and this guy was beta testing it.. This reminds me of everyone's first friend on Friendster - Tom from Myspace. I guess creepy developers are not getting laid enough at Facebook, so they need another way of hooking up.

Unless Facebook can demonstrate how they have restrictions in place for keeping employees away from personal production data, you have to assume all Facebook employees are stalking. They should also explain how 'this' employee had to do a convoluted end-run around the procedures. There is no in between.

This is probably why the guy won't get arrested. If they had a policy and access controls/auditing it would never have gotten this far unless he was breaking into the system. They certainly have the option though to fire the guy for misusing data to act inappropriately. Would it matter if it was a Rolodex on the secretary's desk?

Facebook has a lot of live data. It's not going to be possible to keep every single employee away from it. Somebody's going to have to handle it, which means access. Simple auditing isn't going to be that difficult to get around. It gets to be a cat-and-mouse game.

What a company can do is establish a firm policy, limit the number of people with access, keep records, and keep alert. That isn't going to stop misuse. Heck, the NSA had its LOVEINT.

I'm impressed... You need to give the PR department a bonus for all those late nights in smoky rooms crafting all these slick press releases. Buy them pizza and coke too. They deserve it.

I'd say you could give them a day off with pay, but I'm afraid that might be too risky. You need somebody minding the press, ready to combat the PR blemishes, ready to react to head off the rumor mill before it can start....

Really? We trust Alex Stamos on this? The guy who was Yahoo's CISO when it exposed 2B account passwords, the guy who threatened to sue anyone who reported on Facebook's Cambridge Analytica issues? Yeah, fuck that guy.

I was a contractor for a health care company and was horrified at the sensitive data I had access to. There were no easy solutions. Spend days imperfectly sanitizing terabytes of data to troubleshoot a client issue, or jump right into the client site to resolve the issue today. I'm not ashamed to say I nearly had a mental breakdown, as in a similar scenario a colleague of mine did the wrong thing in calling out a workmate's antidepressant meds because data access is a bitch.

I've worked at a company like this for several years and I've never once put a name to the terabytes of data I work with. Why would you even think about it enough to drive yourself to almost a mental breakdown?